Mikado-Themes Dolcino allows attackers to read local files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Mikado-Themes Dolcino allows attackers to read local files

CVE-2026-22410

Summary

A security issue in Dolcino, a popular theme for websites, allows an attacker to read sensitive files on the server. This could lead to the exposure of confidential information. To protect your website, update Dolcino to the latest version (version 1.7 or higher).

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue aff...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/dolcino/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026